09-11-2009 11:16 AM
Hi,
I have a question: I have 2 sites: Site A with a PIX 506 as an Easy VPN client and site B with a PIX 515 as an Easy VPN server. Both are running 6.3 IOS.
I plan to replace the PIX 515 with an ASA 5510 running IOS version 8.x.
The setup of the vpn client is
vpnclient server xxx.xxx.xxx.xxx
vpnclient mode network-extension-mode
vpnclient vpngroup xxxx password xxxx
vpnclient enable
The easy vpn server is :
vpngroup xxxx address-pool ippool
vpngroup xxxx dns-server xxx.xxx.xxx.xxx
vpngroup xxxx default-domain xxx.com
vpngroup xxxx split-tunnel xxx
vpngroup xxxx idle-time 86400
As you can see, no user is needed; the client connects with only the pre-shared key.
I tried to duplicate this on my ASA:
access-list ezvpn1 extended permit ip any xxxxxx
group-policy myGROUP internal
group-policy myGROUP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ezvpn1
 secure-unit-authentication disable
 nem enable
 webvpn
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto dynamic-map dynmap 30 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
tunnel-group acces_strom type ipsec-ra
tunnel-group acces_strom general-attributes
 default-group-policy myGROUP
tunnel-group xxxxxx ipsec-attributes
 pre-shared-key xxxxxx
Can I configure the Easy VPN server on my ASA to use only the pre-shared key? It requires a username. Or can I add a user to my Easy VPN client configuration?
Can I configure the PIX 506 as an Easy VPN server? I would open a VPN session, then add the user in the config. I don't want to take down the VPN between the 2 sites; the remote site is 3 hours from here.
I will replace the 506 with the 515 in the future and configure an L2L VPN.
Thanks
09-12-2009 04:22 AM
hiiiii
what vpn all about?
09-15-2009 05:06 AM
Ok,
Can I configure the PIX 506 as an Easy VPN server and access it remotely even if it is already configured as an Easy VPN client and connected to my PIX 515?
09-24-2009 12:37 PM
I have read the "PIX/ASA 7.x Easy VPN with an ASA 5500 as the Server and PIX 506E as the Client (NEM) Configuration Example".
I saw the example "PIX-to-PIX 6.x: Easy VPN (NEM) Configuration Example".
That is like my actual PIX-to-PIX configuration.
But can I configure my ASA 5510 as an Easy VPN server without the user authentication?